[LEDE-DEV] [PATCH 2/2] ustream-ssl: Remove RC4 from ciphersuite in server mode.

Rosen Penev Sat, 31 Mar 2018 18:38:47 -0700

SSLlabs complains that RC4 is enabled as it is insecure, thereby capping the 
grade to B.


Signed-off-by: Rosen Penev <ros...@gmail.com>
---
 ustream-openssl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ustream-openssl.c b/ustream-openssl.c
index 2faa855..eb03dab 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -52,6 +52,8 @@ __ustream_ssl_context_new(bool server)
 #ifndef OPENSSL_NO_ECDH
        SSL_CTX_set_ecdh_auto(c, 1);
 #endif
+       if (server)
+               SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
        SSL_CTX_set_quiet_shutdown(c, 1);
 
        return (void *) c;
-- 
2.16.3


_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev

[LEDE-DEV] [PATCH 2/2] ustream-ssl: Remove RC4 from ciphersuite in server mode.

Reply via email to